Windows, Nintendo, and LinkedIN – Hack Naked News #170

This week, Apple and issues of trust, LinkedIN leaks, spending money on ransomware, dead fingerprints, mysterious medical hacks, and hacking the Nintendo switch with no patches even possible? Jason Wood from Paladin Security joins us for expert commentary, and more on this episode of Hack Naked News! Security News ‘iTunes Wi-Fi Sync’ Feature Could Let […]
The post Windows, Nintendo, and LinkedIN – Hack Naked News #170 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/hPyGw5pf3J0/

Exploit Targets Nvidia Tegra-Based Nintendo Systems

Researchers have found an exploit in Nvidia Tegra X1-based systems that they say cannot be patched.

Link: https://threatpost.com/exploit-targets-nvidia-tegra-based-nintendo-systems/131377/

Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2

The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out yet once again that patch […]

Link: https://threatpost.com/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2/131373/

HackerOne CEO Talks Bug Bounty Programs at RSA Conference

Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?

Link: https://threatpost.com/hackerone-ceo-talks-bug-bounty-programs-at-rsa-conference/131325/

Cloud Credentials: New Attack Surface for Old Problem

Researchers show why keeping a handle on user credentials is just as hard in the cloud as it is on local networks.

Link: https://threatpost.com/cloud-credentials-new-attack-surface-for-old-problem/131304/

Use of ‘StegWare’ Increases in Stealth Malware Attacks

Researchers are warning malware payloads can bypass traditional AV protection when delivered buried inside images, documents or even just a pixel.

Link: https://threatpost.com/use-of-stegware-increases-in-stealth-malware-attacks/131293/

Researcher Billy Rios, Talks Medical Device Security at RSA Conference 2018

Researcher Billy Rios, founder of WhiteScope, discusses medical device hacking at RSA Conference 2018 with Threatpost’s Tom Spring.

Link: https://threatpost.com/researcher-billy-rios-talks-medical-device-security-at-rsa-conference-2018/131276/

Automated Bots Growing Tool For Hackers

The use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found.

Link: https://threatpost.com/automated-bots-growing-tool-for-hackers/131230/

Google Play Boots Three Malicious Apps From Marketplace Tied to APTs

Researchers said three apps used to surveil Middle East targets were booted from the Google Play marketplace.

Link: https://threatpost.com/google-play-boots-three-malicious-apps-from-marketplace-tied-to-apts/131214/

Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords

Microsoft patched a bug that allowed attackers to steal a target’s Windows account password via previewed Outlook message.

Link: https://threatpost.com/outlook-bug-allowed-hackers-to-use-rtf-files-to-steal-windows-passwords/131169/